This week
A condensed format this week because I’m travelling.
- US Director of National Intelligence Tulsi Gabbard says that the UK has “agreed to drop” a request for Apple to develop a ‘backdoor’. There has been backlash in the US over a UK Home Office Technical Capability Notice requiring Apple to develop tools that would allow UK agencies access to encrypted data. Gabbard’s statement is quite tightly worded, though, specifically tying it to access to the encrypted data of American citizens. Federal Trade Commission (FTC) Chair Andrew Ferguson cited the EU Digital Services Act and UK Online Safety Act, and “anti-encryption policies for foreign governments” in a warning to US tech companies not to weaken Americans’ free speech and data privacy rights. BACK DOOR, FTC
- Interpol has arrested 1,209 people in Africa as part of Operation Serengeti 2.0, which targeted ransomware, BEC scammers, and other cybercriminals across the continent. Law enforcement also seized over $97 million from the criminal gangs, including $37 million worth of equipment being used by 60 Chinese nationals to run 25 cryptocurrency mining centres — including ‘illegal power stations’ (substations?) used to siphon electricity from the country’s grid. Obviously, this is a great result, but it also highlights the level of sophistication and investment that gangs and fraudsters are willing to make in developing their criminal enterprises. INTERPOL
In brief
- ⚠️ Incidents: Workday disclosed a data breach from a ‘third-party customer relationship management (CRM) system’. It’s mostly basic info for business customers. Several companies using Salesforce have experienced similar incidents recently, including Qantas, Google, Adidas, and Allianz (see below), among others. Have I Been Pwned believes that 1.1 million people may have been affected by the July data breach at Allianz. The insurance company has not confirmed how many of its 1.4 million customers were impacted by the attack. Orange Belgium says 850,000 customers’ account data were compromised during a July incident, with attackers stealing names, phone numbers, and SIM card numbers, among other data. WORKDAY, ALLIANZ, ORANGE
- 🕵️ Threat Intel: Researchers have released an open source tool for sniffing 5G mobile network traffic. The team from Singapore University say the tool can be used to downgrade the comms to older protocols and “injects targeted attack payload in downlink communication towards the UE [User Equipment, i.e. a phone].” GSMA, the industry standards body, thanked the researchers and disputed some of the findings in cases where the recommended standards are being followed. 5G SNIFFING
- 🧰 Guidance and tools: NIST has launched a consultation on a concept paper for the control overlays needed for securing AI systems. NIST AI
- 🛠️ Security engineering: Okta has open-sourced Auth0 detection rules to help customers detect suspicious events, compromised accounts, and account takeovers. The Sigma rules can be converted to different SIEM formats for analysis within existing customer security tools. AUTH0, GITHUB
- 💰 Investments, mergers and acquisitions: Palo Alto Networks had a strong fourth fiscal quarter, reporting a 15% increase in revenue compared to the same period last year. It’s forecasting a 14% annual increase to $10.53 billion. Accenture is to acquire CyberCX in a deal valued at AU$1 billion (approximately US$650 million). CyberCX is an Australian ‘private equity roll up’ with BGH Capital bringing together tens of firms since 2019 into a full-service cyber security firm. PALO, CYBERCX
And finally
- Disgruntled: A 55-year-old developer at a power management business received a four-year prison sentence this week for installing a “kill switch” that would trigger if the company revoked his network access. The Java programme, which would spawn an infinite number of threads on the system, was called “IsDLEnabledinAD” — with DL being his initials. DL